Huge news!Announcing our $20M Series A led by Andreessen Horowitz.Learn more
Socket
Socket
Log inDemoInstall

Git dependency

Severity

Critical

Description

Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Suggestion

Publish the git dependency to npm or a private package repository and consume it from there.

Packages with this issue

10up-toolkit

Collection of reusable scripts for 10up development.

nicholasio
 published 5.2.0 •

aegir

JavaScript project management

victorbjelkholm
 published 15.3.1 •

algosdk

algosdk is Algorand's official javascript SDK

rotemh
 published 1.2.0 •

angular-rrule-recurring-select

Recurrence editor

mchapman
 published 0.1.1 •

arbundles

Arweave bundling library

jessetherobot
 published 0.6.22 •

baileys-md

WhatsApp API

zeeoneofc
 published 5.0.5 •

baileysssss

WhatsApp API

kazedevid
 published 4.4.5 •
2345
9Next
SocketSocket SOC 2 Logo

Product

  • Package Issues
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc